1. Field of the Invention
Aspects of the present invention relate to a method and system for authenticating a Mobile Terminal (MT) in a communication system. More particularly, aspects of the present invention relate to a method and system for relocating an authenticator of an MT without performing a procedure of re-authentication of the MT in a communication system.
2. Description of the Related Art
In a communication system, a service provider carries out a user authentication procedure to determine subscription or non-subscription for users who intend to use a network service and service provision or non-provision. For example, when using Extensible Authentication Protocol (EAP), an MT and an Authentication, Authorization, and Accounting (AAA) server perform an authentication procedure through a serving network of the MT. The authentication procedure is described below with reference to FIG. 1. The EAP represents a protocol for encapsulating and information to facilitate authentication, such as Message Digest number 5 (MD5), Transport Layer Security (TLS), Secure Remote Password (SRP), and the like.
FIG. 1 illustrates a procedure of authenticating an MT in a wireless communication system according to the related art.
Referring to FIG. 1, in step 131, the MT 100 completes a physical layer attachment with an authenticator 110. The MT 100 and the authenticator 110 then initiate a procedure of link-layer entry of the MT 100. In step 133, the authenticator 110 sends the MT 100 an EAP request message (EAP Request/Link-layer) requesting IDentification (ID) information for authentication of the MT 100. At this time, the MT 100 and the authenticator 110 exchange a signal through a Base Station (BS) that is located between the MT 100 and the authenticator 110. The EAP request message is defined here as ‘PKMv2 PKM-REQ/EAP-Transfer’ in the Institute of Electrical and Electronics Engineers (IEEE) 802.16 standard.
In step 135, the MT 100 sends the authenticator 110 an EAP response message (EAP Response/Link-layer) including its own ID information in response to the EAP request message (EAP Request/Link-layer). The EAP response message is defined here as ‘PKM-RSP/EAP-Transfer’ in the IEEE 802.16 standard.
In step 137, the authenticator 110 includes the ID information of the MT 100 included in the EAP response message (EAP Response/Link-layer), in an AAA request message (EAP Response/AAA Request), and sends the AAA request message (EAP Response/AAA Request) to a home AAA server 120.
The AAA server 120 determines an EAP authentication method using the ID information of the MT 100 identified through the AAA request message (EAP Response/AAA Request). In steps 139 and 141, the AAA server 120 transmits the determined EAP authentication method information to the MT 100 through the authenticator 110.
Through an EAP request message (EAP Request/Link-layer) received from the authenticator 110, the MT 100 identifies the EAP authentication method determined by the AAA server 120. In steps 143 and 145, the MT 100 transmits information of the MT 100 necessary for the EAP authentication method to the AAA server 120 through the authenticator 110. In steps 139 to 145, the AAA server 120, the authenticator 110, and the MT 100 repeatedly transmit/receive the EAP authentication method information and the information of the MT 100 necessary for the EAP authentication method, in preparation for packet loss.
The AAA server 120 determines whether to authenticate the MT 100 using the information of the MT 100 necessary for the EAP authentication method included in an AAA request message (EAP Response/AAA Request) received from the authenticator 110. If the AAA server 120 is able to authenticate the MT 100, then in steps 147 and 149, the AAA server 120 sends an authentication success message to the MT 100 through the authenticator 110.
In step 151, the MT 100 completes the link-layer entry with the authenticator 110. If so, then in step 153, the AAA server 120 starts accounting for the authenticator 110. Upon being authenticated from an AAA server and succeeding in a link-layer entry through the above authentication procedure, an MT is provided with a network service.
However, the above authentication procedure can have a problem that a delay caused by transmission/reception of a message between an authenticator and an AAA server results in a failure of a network entry of the MT. For instance, when the MT authenticated from the AAA server moves to a service area of a different network or the authenticator is relocated, the MT should again perform the authentication procedure of FIG. 1. However, there can be a problem that a delay caused by transmission/reception of a message between the authenticator and the AAA server results in a failure of a network entry of the MT.